Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-34152

    An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without reboo... Read more

    Affected Products :
    • Published: Aug. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 9.4

    HIGH
    CVE-2016-8491

    The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.... Read more

    Affected Products : fortiwlc fortiwlc
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 9.4

    HIGH
    CVE-2021-38917

    IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018.... Read more

    Affected Products : powervm_hypervisor
    • Published: Dec. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2021-39635

    ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls.Product: AndroidVersions... Read more

    Affected Products : android
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-6353

    Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter. ... Read more

    Affected Products : court_case_management_plus
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-6354

    Tyler Technologies Magistrate Court Case Management Plus allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the PDFViewer.aspx 'filename' parameter. ... Read more

    Affected Products : court_case_management_plus
    • Published: Nov. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-41271

    An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform... Read more

    Affected Products : netweaver_process_integration
    • Published: Dec. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-23555

    authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a diffe... Read more

    Affected Products : authentik
    • Published: Dec. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2018-14786

    Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentica... Read more

    • Published: Aug. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-1898

    Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user’s session.... Read more

    • Published: Jun. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2023-4523

    Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would re... Read more

    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.4

    HIGH
    CVE-2020-11275

    Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IO... Read more

    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-11984

    A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with S... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 20, 2024

  • 9.4

    CRITICAL
    CVE-2024-54450

    An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mentioned in that header rather than the real IP address that ... Read more

    Affected Products :
    • Published: Dec. 27, 2024
    • Modified: Dec. 28, 2024

  • 9.4

    CRITICAL
    CVE-2024-3375

    Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-25507

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025

  • 9.4

    CRITICAL
    CVE-2024-25514

    RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.... Read more

    Affected Products : ruvaroa
    • Published: May. 07, 2024
    • Modified: Apr. 16, 2025

  • 9.4

    CRITICAL
    CVE-2024-32977

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the `autologinLocal` optio... Read more

    Affected Products : octoprint
    • Published: May. 14, 2024
    • Modified: Apr. 10, 2025

  • 9.4

    CRITICAL
    CVE-2024-5176

    Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior.... Read more

    Affected Products :
    • Published: May. 31, 2024
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2024-3033

    An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including r... Read more

    Affected Products : anythingllm
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292879 Results